| author | datafoo <34766150+datafoo@users.noreply.github.com> | 2023-04-19 14:11:40 +0200 |
|---|---|---|
| committer | github-actions[bot] <github-actions[bot]@users.noreply.github.com> | 2023-04-20 14:57:56 +0000 |
| commit | 25a8827b904c16fbe89c8e7cce152671e8d7d42c (patch) | |
| tree | ca33fc66c0ba2856943683c3e56c1f0b094b43e0 | |
| parent | Merge pull request #227164 from NixOS/backport-226177-to-release-22.11 (diff) | |
| download | nixpkgs-origin/backport-227054-to-release-22.11.tar.gz | |
nixos/fail2ban: add extraSettings optionorigin/backport-227054-to-release-22.11
(cherry picked from commit cc6f4a8fd2f20eb352ea76a7adb4e28f1a14b60a)
| -rw-r--r-- | nixos/modules/services/security/fail2ban.nix | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/nixos/modules/services/security/fail2ban.nix b/nixos/modules/services/security/fail2ban.nix
index e208eed008ae..ceeff6b8b463 100644
--- a/nixos/modules/services/security/fail2ban.nix
+++ b/nixos/modules/services/security/fail2ban.nix
@@ -203,6 +203,20 @@ in
 '';
 };
 
+ extraSettings = mkOption {
+ type = with types; attrsOf (oneOf [ bool ints.positive str ]);
+ default = {};
+ description = lib.mdDoc ''
+ Extra default configuration for all jails (i.e. `[DEFAULT]`). See
+ <https://github.com/fail2ban/fail2ban/blob/master/config/jail.conf> for an overview.
+ '';
+ example = literalExpression ''
+ {
+ findtime = "15m";
+ }
+ '';
+ };
+
 jails = mkOption {
 default = { };
 example = literalExpression ''
@@ -336,6 +350,10 @@ in
 # Actions
 banaction = ${cfg.banaction}
 banaction_allports = ${cfg.banaction-allports}
+ ${optionalString (cfg.extraSettings != {}) ''
+ # Extra settings
+ ${generators.toKeyValue {} cfg.extraSettings}
+ ''}
 '';
 # Block SSH if there are too many failing connection attempts.
 # Benefits from verbose sshd logging to observe failed login attempts, |
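Review bot: The `str` member of the `extraSettings` type accepts multi-line strings, and the second hunk writes each value straight into the `[DEFAULT]` section through `generators.toKeyValue`. A value containing a newline would therefore add unintended lines, possibly a new section header, to the generated jail configuration. Restricting the member to one line closes that gap: `type = with types; attrsOf (oneOf [ bool ints.positive singleLineStr ]);`. Separately, `ints.positive` rejects `0` and negative numbers, so a setting such as a negative `bantime` has to be passed as a string; the description should say so.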
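Review bot: Nothing in the `# Extra settings` block stops `extraSettings` from naming a key the module already writes just above it, such as `banaction` or `banaction_allports`, so the generated `[DEFAULT]` section can contain the same key twice. Whether fail2ban then rejects the file or silently takes the later value is not visible here; either way, ban behaviour changes without any evaluation-time warning. An assertion in the module's config that rejects overlapping keys would make this explicit, as would a sentence in the option description such as `Keys covered by dedicated options (e.g. banaction) must be set through those options.` The enclosing string starts outside the hunk.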
